CVE-2018-16585
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. Note: A reputable source believes that the CVE is potentially a duplicate of CVE-2018-15910 as explained in Red Hat bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1626193)
** EN DISPUTA ** Se ha descubierto un problema en versiones anteriores a la 9.24 de Artifex Ghostscript. El comando de PostScript .setdistillerkeys se acepta incluso aunque no esté diseñado para ser empleado durante el procesamiento de documentos (p.ej., tras la fase de inicio). Esto conduce a una corrupción de memoria que permite que los atacantes remotos puedan proporcionar PostScript diseñado para provocar el cierre inesperado del intérprete o, posiblemente, otro tipo de impacto sin especificar. Nota: Una fuente acreditada cree que CVE es potencialmente un duplicado de CVE-2018-15910 como se explica en Red Hat bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1626193).
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2018-09-06 CVE Reserved
- 2018-09-06 CVE Published
- 2023-11-08 EPSS Updated
- 2024-11-14 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=1497d65039885a52b598b137dd8622bd4672f9be | X_refsource_misc | |
| http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=971472c83a345a16dac9f90f91258bb22dd77f22 | X_refsource_misc | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1626193 | X_refsource_misc | |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://seclists.org/oss-sec/2018/q3/182 | 2024-05-17 |
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/201811-12 | 2024-05-17 | |
| https://usn.ubuntu.com/3768-1 | 2024-05-17 | |
| https://www.debian.org/security/2018/dsa-4288 | 2024-05-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Artifex Search vendor "Artifex" | Ghostscript Search vendor "Artifex" for product "Ghostscript" | < 9.24 Search vendor "Artifex" for product "Ghostscript" and version " < 9.24" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||